SAD/U5 Topic 2 Viruses, Virus Control, Hackers
A virus is a fragment of code embedded in a legitimate program. Viruses are self-replicating and are designed to infect other programs. They can wreak havoc in a system by modifying or destroying files, causing system crashes and program malfunctions. On reaching the target machine, a virus dropper (usually a Trojan horse) inserts the virus into the system.
Various types of viruses:
- File Virus: This type of virus infects the system by appending itself to the end of a file. It changes the start of a program so that control jumps to its code. After its code has executed, control returns to the main program. Its execution is not even noticed. It is also called a parasitic virus because it leaves no file intact but also leaves the host functional.
- Boot sector Virus: It infects the boot sector of the system, executing every time the system is booted and before the operating system is loaded. It infects other bootable media like floppy disks. These are also known as memory viruses, as they do not infect the file system.
- Macro Virus: Unlike most viruses, which are written in a low-level language (like C or assembly language), these are written in a high-level language like Visual Basic. These viruses are triggered when a program capable of executing a macro is run. For example, a macro virus can be contained in spreadsheet files.
- Source code Virus: It looks for source code and modifies it to include the virus and to help spread it.
- Polymorphic Virus: A virus signature is a pattern that can identify a virus (a series of bytes that make up the virus code). To avoid detection by antivirus software, a polymorphic virus changes each time it is installed. The functionality of the virus remains the same, but its signature changes.
- Encrypted Virus: To avoid detection by antivirus software, this type of virus exists in encrypted form. It carries a decryption algorithm along with it, so the virus first decrypts itself and then executes.
- Stealth Virus: It is a very tricky virus, as it changes the code that can be used to detect it. Hence, detection of the virus becomes very difficult. For example, it can change the read system call so that whenever the user asks to read code modified by the virus, the original form of the code is shown rather than the infected code.
- Tunneling Virus: This virus attempts to bypass detection by an antivirus scanner by installing itself in the interrupt handler chain. Interception programs, which remain in the background of an operating system and catch viruses, are disabled while a tunneling virus is active. Similar viruses install themselves in device drivers.
- Multipartite Virus: This type of virus is able to infect multiple parts of a system, including the boot sector, memory and files. This makes it difficult to detect and contain.
- Armored Virus: An armored virus is coded to make it difficult for antivirus software to unravel and understand. It uses a variety of techniques to do so, like fooling the antivirus into believing that it lies somewhere other than its real location, or using compression to complicate its code.
Use Malware Removal Software
Malware is very difficult to uninstall. Protecting your computer against these types of malicious software is much easier than having to disinfect it. UMass Amherst IT has compiled a list of preventive steps to help you keep your computer free of malware.
Malware removal software allows you to detect and remove adware, spyware, and various other types of malicious software. Run these malware removal tools especially after installing free or sponsored software.
Protect Your Computer from Unauthorized Access (Windows)
Configure User Account Security
User Accounts control access to your computer and limit the type of activity you can perform. Follow the tips below to secure your computer:
- Create a Standard Account (Windows 7 & 8): Many users log in as ‘Administrators’ for every computer session. While administrative privileges are necessary for software installation, viruses and Trojans are most harmful when entering via an Administrator Account. We recommend that you always log in with a Limited User Account or Standard Account for everyday use, even if you are the only person using your computer.
- Set up a password for the Administrator Account: Most hacked computers have either a poor password or none at all on the Administrator Account.
- Require a username and password for all users: Make sure everyone who uses your computer needs a username and password to log in.
- Disable Guest Accounts: Intended for temporary users, Guest Accounts are an easy point of entry for hackers. We recommend that you permanently disable them.
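The four tips above can be checked on a machine with a short audit script. This is an added example, not part of the original notes: the function name `Get-AccountSecurityFinding` is hypothetical, and it assumes the `Get-LocalUser` and `Get-LocalGroupMember` cmdlets of Windows PowerShell 5.1 are available.

```powershell
# Added example (not from the original page): audits local accounts against
# the four tips above. Get-AccountSecurityFinding is a hypothetical name.
function Get-AccountSecurityFinding {
    # The Administrators group name is localized; its well-known SID is not.
    $adminSids = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
        ForEach-Object { $_.SID.Value })

    # Tip 1: is the account running this session a direct member of Administrators?
    # (Membership that comes only through nested domain groups is not resolved here.)
    $me = [Security.Principal.WindowsIdentity]::GetCurrent()
    if ($adminSids -contains $me.User.Value) {
        [pscustomobject]@{
            Account = $me.Name
            Finding = 'Everyday session uses an Administrator account'
        }
    }

    foreach ($user in (Get-LocalUser | Where-Object Enabled)) {
        $sid     = $user.SID.Value
        $isAdmin = $adminSids -contains $sid

        # Tips 2 and 3: every enabled account should need a password to log in.
        # PasswordRequired is $false when the account is allowed a blank password.
        if (-not $user.PasswordRequired) {
            $what = if ($isAdmin) { 'Administrator account' } else { 'Account' }
            [pscustomobject]@{
                Account = $user.Name
                Finding = "$what does not require a password"
            }
        }

        # Tip 4: the built-in Guest account always has a SID ending in -501,
        # even if it has been renamed.
        if ($sid -like 'S-1-5-21-*-501') {
            [pscustomobject]@{
                Account = $user.Name
                Finding = 'Guest account is enabled'
            }
        }
    }
}

# An empty result means none of the four checks found a problem.
Get-AccountSecurityFinding | Format-Table -AutoSize
```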
A Hacker is a person who is intensely interested in the mysterious workings of any computer operating system. Hackers are most often programmers. They gather advanced knowledge of operating systems and programming languages and discover loopholes within systems and the reasons for such loopholes.
There are generally 10 types of hackers:
- White Hat Hackers: White hat hackers are authorized or certified hackers who work for the government and organizations by performing penetration testing and identifying loopholes in their cybersecurity. They also ensure protection from malicious cyber crimes. They work under the rules and regulations provided by the government, which is why they are called Ethical hackers or Cybersecurity experts.
- Black Hat Hackers: They are often called Crackers. Black Hat Hackers can gain unauthorized access to your system and destroy your vital data. Their method of attack uses common hacking practices they have learned earlier. They are considered to be criminals and can be easily identified because of their malicious actions.
- Gray Hat Hackers: Gray hat hackers fall somewhere in the category between white hat and black hat hackers. They are not legally authorized hackers. They work with both good and bad intentions; they can use their skills for personal gain. It all depends upon the hacker. If a gray hat hacker uses his/her skill for personal gain, he/she is considered a black hat hacker.
- Script Kiddies: They are the most dangerous people in terms of hackers. A Script Kiddie is an unskilled person who uses scripts or downloads tools available for hacking provided by other hackers. They attempt to attack computer systems and networks and deface websites. Their main purpose is to impress their friends and society. Generally, Script Kiddies are juveniles who are unskilled at hacking.
- Green Hat Hackers: They are also amateurs in the world of hacking, but they are a bit different from script kiddies. They care about hacking and strive to become full-blown hackers. They are inspired by the hackers and ask them a few questions. While hackers are answering their questions, they will listen to its novelty.
- Blue Hat Hackers: They are much like the script kiddies; they are beginners in the field of hacking. If anyone makes a script kiddie angry and he/she takes revenge, then they are considered blue hat hackers. Blue Hat hackers pay back those who have challenged or angered them. Like the Script Kiddies, Blue hat hackers also have no desire to learn.
- Red Hat Hackers: They are also known as the eagle-eyed hackers. Like white hat hackers, red hat hackers also aim to halt the black hat hackers. There is a major difference in the way they operate. They become ruthless while dealing with the malware actions of the black hat hackers. A red hat hacker will keep on attacking the hacker so aggressively that the hacker may well have to replace the whole system.
- State/Nation Sponsored Hackers: State or Nation sponsored hackers are those who are appointed by the government to provide it with cybersecurity and to gain confidential information from other countries, to stay at the top or to avoid any kind of danger to the country. They are highly paid government workers.
- Hacktivist: These are also called the online versions of activists. A hacktivist is a hacker or a group of anonymous hackers who gain unauthorized access to a government’s computer files and networks to further social or political ends.
- Malicious Insider or Whistleblower: A malicious insider or a whistleblower could be an employee of a company or a government agency with a grudge or a strategic employee who becomes aware of any illegal activities happening within the organization and can blackmail the organization for his/her personal gain.